Process, Policy Help Overcome Staffing Challenges

Finding highly qualified IT security specialist is always a challenge, whether the employer is the government or a business. It's a challenge Stanton Sloane knows well, as the chief executive officer of SRA International, one of the largest providers of IT and cybersecurity services to the federal government, has a distaste for regulation.

"There is always the issue of enough experts, enough people to throw at the problems," Sloane says in an interview with GovInfoSecurity.com (transcript below). "We are stretched a little bit in terms of trying to staff all of these programs we have. I would argue that cybersecurity is not solely a technical problem. It is equal parts, technical, business process and policy."

In the interview, Sloane also discusses the:

Sloane spoke with Eric Chabrow, managing editor of GovInfoSecurity.com.

ERIC CHABROW: What is the major cybersecurity challenges facing the federal government?

STANTON SLOANE: There are a couple of them. First of all, of course, protecting government networks, government information, commanding control systems, those kind of things to avoid penetration and necessary actions. Second, I would say, has to do with infrastructure. Of course, a lot of the infrastructure in the country is in private hands so that is something that requires collaboration with federal government in order to be affective. But clearly, penetration of electrical grids, those kinds of things of which we've seen a lot lately, are also important. The third one is intellectual property. Today, a lot of intellectual property is being stolen, frankly is leading the country, and I think that is a huge strategic issue for the country.

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

CHABROW: What would be the responsibility of the federal government in this?

SLOANE: First of all, the government should be an information source for people to make them aware of where there are problems and also provide information on how best to deal with it. Clearly, people that manage infrastructure have a motive to keep the infrastructure up and operating so it's not like government has to provide a lot of penalty for failure to deal with issues, but it can be proactive and help people that run these infrastructures understand the nature of the problem and get them information as quickly as possible. I think that would go a long way to helping. Some type of information exchange there would probably be a good idea.

CHABROW: Where in government would this information exchange originate from? Would that be something in the White House, Homeland Security?

SLOANE: You can put it any one of a number of places. Of course, the president has indicated he wants to put a cybersecurity czar in place and that would be a good place to coordinate it. Where it physically resides I think is less important. What is more important is that the various elements of government contribute to it, because different parts of the government have different insights and different information about the nature of cybersecurity issues. If you could get everybody to contribute to a centralized database, afford one stop shopping if you will, for information exchange that would be very helpful.

CHABROW: Are you troubled with the delay by President Obama in naming a cybersecurity adviser, and is that hindering the federal government's efforts to better secure not only federal government IT but the critical IT infrastructure of the nation?

SLOANE: There is certainly an imperative to get somebody in place and we have a lot of issues that have to be addressed. For me, it's not so much the time, although I would say there needs to be urgency around it, but more is the nature of the job, responsibility, accountability, and what the person has the ability to control. The structure of the job is certainly as important as the timing.

CHABROW: At the moment, the structure of this job has not really been defined. The president said that individual will report to both his national security advisers, national economic adviser, do you think that makes sense?